URL: https://www.lucid.co

Full analysis: https://app.any.run/tasks/49c29101-ba6c-4ce2-aa60-47d9021ce626
Verdict: Malicious activity
Analysis date: October 05, 2022, 05:37:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 41BB3111868F2129B47690A98FFA696B
SHA1: A4303B476AB83F4AF29A5F6A181DEA94260C8A22
SHA256: 70505419041EE1275CBE39213E0D67920F438D1C8D52366A77DED1F03515B584
SSDEEP: 3:N8DSLZud:2OLZud

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO: application launched itself: iexplore.exe (PID: 3084)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start -> iexplore.exe (PID 3084) -> iexplore.exe (PID 2936)

Process information

PID 3084
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.lucid.co"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: Explorer.EXE
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID 2936
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3084 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe (PID 3084)
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll
Total events: 17 793
Read events: 17 675
Write events: 0
Delete events: 0

Modification events: no data

Executable files: 0
Suspicious files: 16
Text files: 60
Unknown types: 12

Dropped files

PID   Process       Filename  (Type)
2936  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157  (binary)
      MD5: BCC5ED8FEAF0D02852603E2F3F59C9E2
      SHA256: 246447CC8953BCACFC068096785A2FBA87C2974B0AEBDFAD8AB51ADDB55EBC6F
2936  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62  (binary)
      MD5: 9CE6EDB339D3F7B6A2B7A57F1D3C03E5
      SHA256: 28E0642200B84C642E5AD87C955706ED70DA3838535A206A0F398B780522E6C6
2936  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894  (der)
      MD5: 07DE4B03DAC47FE7EC3A2A1657BDFBC9
      SHA256: 482F51E720D68A0B65502D4AE3DCE666A5ED12B4328FF9C0BEDD2CB76E1498B4
2936  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D6243C18F0F8F9AEC6638DD210F1984_8CEE11BB26768F38F36AAC4B16D8E7F2  (binary)
      MD5: 70FD13D16B235B603CE3345379F6AEC1
      SHA256: 87F510B5A61A32C742CFB1D14D9FCBE11C17FCC11906BFBD6B9D16E8BC20A8A3
2936  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\LBU1KSE1.htm  (html)
      MD5: F8317B5A63757022A8A9408D47CE2FD0
      SHA256: F873227BE6D0B52397DCFF6273B1ED3988BBBAFA729CF638C52DE517991475E5
2936  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D6243C18F0F8F9AEC6638DD210F1984_FCCF6C575C9B175F039F2E39701074D6  (binary)
      MD5: 94B732BCC28E017C4A26627884AFCEAD
      SHA256: A74C5FA0886D3C11BD19903F4B5E2BCB9D5E72856F39AC7248DF856B92DEF4E3
2936  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F  (binary)
      MD5: CB771DF181BA415A8AF444C4BB95C3A4
      SHA256: 0BFC94CB51B228020870DA5A4C839675F1FC18E32BCBEC71BC5BE7BFD1DEA1F2
2936  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62  (der)
      MD5: EA255872E73FB697BC8D09DAB5BBF5D4
      SHA256: B5AE1C08ACCCB952335F77ED4058FEE54D5F5929CCAC1612F41C5F064C21D51A
3084  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442  (binary)
      MD5: 459BBE4656D04A4B0D712F152BB92743
      SHA256: 943A5F0EEF01BDFB96B8B7B45395CDEEFD5DEFA097C7119D2A58840CBB7D22E5
2936  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D6243C18F0F8F9AEC6638DD210F1984_8CEE11BB26768F38F36AAC4B16D8E7F2  (der)
      MD5: 16AE77773F459C7066D8B62466B63532
      SHA256: DB95570060D6C76FE03EE40C41B36CA22A5A8D79B80AE594C7512722FDA06B3A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 16
TCP/UDP connections: 86
DNS requests: 28
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2936 | iexplore.exe | GET | 200 | 99.86.1.91:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted
2936 | iexplore.exe | GET | 200 | 65.9.58.56:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted
3084 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1f053d4a1ff12535 | US | compressed | 4.70 Kb | whitelisted
2936 | iexplore.exe | GET | 200 | 99.86.1.91:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared
2936 | iexplore.exe | GET | 200 | 216.58.212.163:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGOlwNI5ZtyUEgHpNAgRyd0%3D | US | der | 471 b | whitelisted
3084 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0d7612487fdc3bec | US | compressed | 4.70 Kb | whitelisted
2936 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3532958fcf14e750 | US | compressed | 4.70 Kb | whitelisted
2936 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0b6d6166d7faefa6 | US | compressed | 4.70 Kb | whitelisted
2936 | iexplore.exe | GET | 200 | 143.204.214.74:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAqiwrVTrO44BGFNz3SrIg8%3D | US | der | 471 b | whitelisted
2936 | iexplore.exe | GET | 200 | 142.250.187.99:80 | http://crl.pki.goog/gsr1/gsr1.crl | US | der | 1.70 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3084 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2936 | iexplore.exe | 54.236.80.152:443 | www.lucid.co | AMAZON-AES | US | unknown
2936 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted
3084 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted
2936 | iexplore.exe | 99.86.1.91:80 | ocsp.rootg2.amazontrust.com | AMAZON-02 | US | whitelisted
2936 | iexplore.exe | 143.204.214.74:80 | ocsp.sca1b.amazontrust.com | AMAZON-02 | US | whitelisted
2936 | iexplore.exe | 65.9.58.56:80 | o.ss2.us | AMAZON-02 | US | unknown
2936 | iexplore.exe | 65.9.66.109:443 | lucid.co | AMAZON-02 | US | suspicious
2936 | iexplore.exe | 99.86.4.32:443 | d5x2n72glkaxl.cloudfront.net | AMAZON-02 | US | suspicious
3084 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted

DNS requests

Domain | IP | Reputation
www.lucid.co | 54.236.80.152, 54.80.29.216, 3.218.242.214 | unknown
ctldl.windowsupdate.com | 209.197.3.8 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
o.ss2.us | 65.9.58.56, 65.9.58.66, 65.9.58.194, 65.9.58.231 | whitelisted
ocsp.rootg2.amazontrust.com | 99.86.1.91, 99.86.1.190, 99.86.1.61, 99.86.1.226 | whitelisted
ocsp.rootca1.amazontrust.com | 99.86.1.91, 99.86.1.190, 99.86.1.226, 99.86.1.61 | shared
ocsp.sca1b.amazontrust.com | 143.204.214.74, 143.204.214.141, 143.204.214.169, 143.204.214.142 | whitelisted
lucid.co | 65.9.66.109, 65.9.66.38, 65.9.66.89, 65.9.66.59 | malicious
ocsp.digicert.com | 93.184.220.29 | whitelisted

Threats

No threats detected
No debug info